The Ball is Now in Play to Extend the EHR Safe Harbor!

By Ann F. Triebsch and Kathie McDonald-McClure

clip_image002Barely two weeks after Rep. Jim McDermott (D-Wash) sent a letter to the HHS Office of the Inspector General (OIG) requesting that the Anti-Kickback Statute’s “safe harbor” allowing hospitals to donate electronic health record (EHR) items and services to physicians be extended, the OIG has proposed a rule to do exactly that.  On April 10, 2013, the OIG proposed a rule to extend the Anti-Kickback Statute safe harbor from December 31, 2013, to December 31, 2016.  On the same date, the Centers for Medicare & Medicaid Services (CMS) proposed a complementary rule to extend the Stark Law’s similar EHR exception to December 31, 2016.

EHR adoption goals not yet reached.  The original December 31, 2013 expiration dates under both laws had been established on the belief that the need for EHR donations would be tapering off by then.  The CMS proposed rule acknowledged that while “the industry has made great progress, use of such technology has not yet been universally adopted nationwide,” and remains an important goal.  The last year providers can receive Medicare EHR incentive payments is 2016, which also is the last year providers can begin participation in the Medicaid EHR incentive program.  The Medicaid program payments end in 2021. 

Fraud and abuse risk concerns.  Both CMS and OIG reaffirmed the goal of promoting a free exchange of data (with due regard for privacy protections) achieved through EHR interoperability that benefits patient care.  However, both also expressed a concern that the safe harbor could be misused in a way that results in a data lock-in that would secure referrals.  Additionally, both CMS and OIG are concerned that the EHR safe harbor could be misused by providers and suppliers of ancillary services who do not have a direct and primary patient care relationship and a central role in the health care delivery infrastructure.  To balance these risks of misuse against the interoperability goal, CMS and OIG propose to limit the scope of EHR donors who can seek safe harbor protection to hospitals, group practices, PDP sponsors, and MA organizations and to specifically exclude laboratory companies and other high risk categories, such as durable medical equipment (DME) suppliers and independent home health agencies.  CMS and OIG are soliciting comments on these exclusions and also seek comments on whether other individuals or entities with front-line patient responsibilities, such as safety net providers, should be included.

ONC recognized as certifying agency for interoperability.  The current safe harbors require that the donated technology be deemed interoperable by a certifying body recognized by HHS no more than 12 months before the date the technology is donated to the physician.  Since the issuance of the original safe harbors in 2006, the Health Information Technology for Clinical and Economic Health Act of 2009 (HITECH Act) was passed. The HITECH Act resulted in the creation of a formal EHR certification program, the responsibility for which rests with the Office of the National Coordinator for Health Information Technology (ONC).  The ONC is now responsible for approving the certifying agencies that can deem an EHR interoperable.  Because the ONC-certified agencies ensure that the required EHR certification criteria are met, the current 12-month certification time frame also would be eliminated under the proposed rules.  Both of the proposed rules also eliminate the requirement that donated EHRs contain electronic prescribing capability, since the health care industry already has made substantial progress in this regard. 

Both rules are open for comments until June 7, 2013.  The CMS rule can be found here.  The OIG rule can be found here.

Leave a reply. Please note that although this blog may be helpful in informing clients and others who have an interest in information privacy and security, it is not intended to be legal advice. The information on this blog also should not be relied upon to form an attorney-client relationship.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.